[389-users] Re: Need to re-register 389ds servers

[wudadin2003]

Thanks for replying Mark,

The admin server was running in another datacenter and unfortunately it has 
gone away. The server that went away had all of my Ldap servers registered to 
it and was my single pane of glass to managing all of my other servers in other 
datacenters. So I am trying to get all of the existing LDAP servers registered 
to another server. Here are the processes that are running on the server that I 
want to register all of my LDAP servers too:

~ # ps -ef | grep -E "admin|slap" | grep -v grep
root  2175 1  0 11:39 ?00:00:00 /usr/sbin/nss_pcache 393220 off 
/etc/dirsrv/admin-serv
root  2176 1  0 11:39 ?00:00:01 /usr/sbin/httpd.worker -k start 
-f /etc/dirsrv/admin-serv/httpd.conf
root  2181  2176  0 11:39 ?00:00:00 /usr/sbin/httpd.worker -k start 
-f /etc/dirsrv/admin-serv/httpd.conf
ldapuser  2182  2176  0 11:39 ?00:00:00 /usr/sbin/httpd.worker -k start 
-f /etc/dirsrv/admin-serv/httpd.conf
ldapuser 31881 1 11 10:10 ?01:22:39 ./ns-slapd -D 
/etc/dirsrv/slapd-super-name-01 -i /var/run/dirsrv/slapd-super-name-01.pid -w 
/var/run/dirsrv/slapd-super-name-01.startpid
~ #

While not having a "o=NetscapeRoot" its is definitely up and resolving 
authentication requests. 

I thought that "setup-ds.pl" was used to set up the directory server and the 
"setup-ds-admin.pl" script was for setting up the admin server. It has been a 
long time since I have set up server. 

Basically I want to set up a new single pane of glass to manage all of my 
existing LDAP servers. Would I use the "setup-ds.pl -u" to achive that? 
Just run it on all of my existing LDAP servers?
Would I still need to manually edit the /etc/dirsrv/admin-serv/adm.conf file on 
all existing servers since the "ldapurl" is still pointing to now non-existing 
server?

Example of current setting in all of the existing adm.conf files:
ldapurl: ldap://now-nonexistent-server.my.domain.com:389/o=NetscapeRoot

Thank you again for your help!
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

Re: post-mortem: f24 boot fails; need help.

[Joseph Loo]

On 06/02/2017 06:32 PM, William Mattison wrote:
> I tried badblocks last night.  I didn't realize how long it would take.  
> After over 3 hours, I had to abort it to do something else.
> 
> This morning, I retried it, this time with options to show its progress.  It 
> took between 3 1/2 and 3 3/4 hours.  Here are the results:
> ===
> bash.3[~]: badblocks -s -v /dev/sda
> Checking blocks 0 to 1953514583
> Checking for bad blocks (read-only test): done
>  
> Pass completed, 0 bad blocks found. (0/0/0 errors)
> bash.4[~]:
> ===
> I don't think this completely rules out the hard drive as the villain, but 
> it's now less of a suspect.  Am I correct in guessing that the 
> non-destructive read-write option (option "-n") would take over twice as long 
> (7 1/2 or more hours)?
> 
> Thanks,
> Bill.
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> 
It would take about 4 times longer. I believe it reads and writes with 4
different patterns. It will wipe the disk completely.

-- 
Joseph Loo
j...@acm.org
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: post-mortem: f24 boot fails; need help.

[William Mattison]

Well, the battery has been replaced this afternoon.  It took between 2 and 2 
1/2 hours.  The system seems to be functioning ok so far, but I haven't yet 
booted up in windows-7, and I haven't yet tried a "dnf upgrade".

Before I took the system apart, I checked the CMOS clock and the voltages 
reported by the motherboard in the UEFI BIOS display:
* CPU voltage varied, but was 0.98 +/- less than 0.01 volts.
* "3.3V Voltage" was 3.392 volts.
* "5V Voltage" was 5.040 volts.
* "12V Voltage" was 12.096 volts.
The CMOS clock seemed slightly slow compared to my "atomic" clock, but by less 
than 1 second.
I gather none of the voltages displayed was the battery's voltage; I could not 
find a battery state indication in any of the BIOS displays.  After the battery 
change was done, I checked the old battery with a battery tester.  It was well 
in the "green range".

I agree with the criticisms about ASUS making the battery so difficult to 
access on this motherboard.  I also found the USB 3.0 connector to be a 
problem.  The pins were too crowded, too close to the socket wall, and too 
easily bent.  I had to straighten out two of them, and it was difficult.  
Getting the plug into the socket took very careful and delicate alignment.

I hope to try the smartctl long test on the hard drive tomorrow.

thanks,
Bill.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: post-mortem: f24 boot fails; need help.

[William Mattison]

I tried badblocks last night.  I didn't realize how long it would take.  After 
over 3 hours, I had to abort it to do something else.

This morning, I retried it, this time with options to show its progress.  It 
took between 3 1/2 and 3 3/4 hours.  Here are the results:
===
bash.3[~]: badblocks -s -v /dev/sda
Checking blocks 0 to 1953514583
Checking for bad blocks (read-only test): done  
   
Pass completed, 0 bad blocks found. (0/0/0 errors)
bash.4[~]:
===
I don't think this completely rules out the hard drive as the villain, but it's 
now less of a suspect.  Am I correct in guessing that the non-destructive 
read-write option (option "-n") would take over twice as long (7 1/2 or more 
hours)?

Thanks,
Bill.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: nfs problem [solved]

[Rick Stevens]

On 06/02/2017 04:51 PM, Eyal Lebedinsky wrote:
> On 03/06/17 03:13, Rick Stevens wrote:
>> On 06/02/2017 05:07 AM, Eyal Lebedinsky wrote:
>>> On 02/06/17 21:48, Roger Heflin wrote:
 If the machine mounting the file and doing the tail has read from the
 file and there is new data added in that last block and because of the
 rate the data is coming into the file the timestamp on the file does
 not change then the client nfs host will not know that the last block
 has changed and will not know to reread it (it is already in cache).
 If it is this bug/feature nfs has worked this way I think pretty much
 forever at a larger scale (2 hosts each writing every other block, if
 the timestamp does not change then each node will see the others
 blocks as empty because of cache, at least until the timestamp changes
 from what it knows it wrote).  The trick my previous job implemented
 was to make sure the timestamp on the file moved ahead at least one
 second so that the clients knew the file changed.  but if tail is
 actively reading it while things are getting written into it I don't
 see a way it would be able to work that well.

 What you are describing sounds like a variant of this issue.
>>>
>>> Thanks Roger,
>>>
>>> Interesting, though I wonder why it worked very well until the latest
>>> kernel
>>> series (3.10/3.11) which started showing the problem. Looks like a new
>>> "feature"
>>> to me.
>>>
>>> BTW, the server is also the time server and the two are well
>>> synchronised. When
>>> a zero block shows up it can take a minute or two before the real data
>>> shows up.
>>> I use 'less' to view the file, hit refresh (Shift-G) and soon a line of
>>> zeroes
>>> comes along. I kept refreshing for a few minutes until the good data
>>> shows.
>>>
>>> When I originally notices the problem (a monitoring script started
>>> showing garbage),
>>> the monitored file was updated once a minute and it needed to be updated
>>> two or
>>> three times before the real data was exported.
>>>
>>> which I consider rather a long time for a file to present wrong content
>>> (over nfs).
>>>
>>> Maybe there is an export (or mount) option I can use?
>>>
>>> Also, I could not find a reference to this problem when I investigated
>>> the issue
>>> initially, and as such I assumed it is my setup. But the server (f19)
>>> had no
>>> updates or changes for a long while. It is clearly the new kernels
>>> exposing this,
>>> and I tested more that one client machine to verify that they also show
>>> the issue.
>>
>> Newer kernels use NFSv4 by default. I can't remember what F19 uses
>> natively or if it has issues with NFSv4 clients (it may not really
>> implement NFSv4 properly or improperly negotiates protocol changes).
>> You might try forcing NFSv3 mounts and see if that clears the problem.
> 
> Hi Rick,
> 
> Good call. I set mount option 'nfsvers=3' and the problem went away.
> kernel 3.9 probably did not implement v4 that well.
> 
> To be sure, I mounted one fs as nfsvers=3 and another as the default
> (mount says 4.1) and the problem does not show on the first but does
> show on the second.
> 
> Thanks
> Eyal

Glad you got it sorted out. There's a lot of changes between V3 and V4
(permissions being a BIG one). The caching mechanisms and record/file
locking are others that can bite you (V4 does the latter quite a bit
better than V3).
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
--
-  Careful!  Ugly strikes 9 out of 10 people!-
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: nfs problem [solved]

[Eyal Lebedinsky]

On 03/06/17 03:13, Rick Stevens wrote:

On 06/02/2017 05:07 AM, Eyal Lebedinsky wrote:

On 02/06/17 21:48, Roger Heflin wrote:

If the machine mounting the file and doing the tail has read from the
file and there is new data added in that last block and because of the
rate the data is coming into the file the timestamp on the file does
not change then the client nfs host will not know that the last block
has changed and will not know to reread it (it is already in cache).
If it is this bug/feature nfs has worked this way I think pretty much
forever at a larger scale (2 hosts each writing every other block, if
the timestamp does not change then each node will see the others
blocks as empty because of cache, at least until the timestamp changes
from what it knows it wrote).  The trick my previous job implemented
was to make sure the timestamp on the file moved ahead at least one
second so that the clients knew the file changed.  but if tail is
actively reading it while things are getting written into it I don't
see a way it would be able to work that well.

What you are describing sounds like a variant of this issue.


Thanks Roger,

Interesting, though I wonder why it worked very well until the latest
kernel
series (3.10/3.11) which started showing the problem. Looks like a new
"feature"
to me.

BTW, the server is also the time server and the two are well
synchronised. When
a zero block shows up it can take a minute or two before the real data
shows up.
I use 'less' to view the file, hit refresh (Shift-G) and soon a line of
zeroes
comes along. I kept refreshing for a few minutes until the good data shows.

When I originally notices the problem (a monitoring script started
showing garbage),
the monitored file was updated once a minute and it needed to be updated
two or
three times before the real data was exported.

which I consider rather a long time for a file to present wrong content
(over nfs).

Maybe there is an export (or mount) option I can use?

Also, I could not find a reference to this problem when I investigated
the issue
initially, and as such I assumed it is my setup. But the server (f19)
had no
updates or changes for a long while. It is clearly the new kernels
exposing this,
and I tested more that one client machine to verify that they also show
the issue.


Newer kernels use NFSv4 by default. I can't remember what F19 uses
natively or if it has issues with NFSv4 clients (it may not really
implement NFSv4 properly or improperly negotiates protocol changes).
You might try forcing NFSv3 mounts and see if that clears the problem.


Hi Rick,

Good call. I set mount option 'nfsvers=3' and the problem went away.
kernel 3.9 probably did not implement v4 that well.

To be sure, I mounted one fs as nfsvers=3 and another as the default
(mount says 4.1) and the problem does not show on the first but does
show on the second.

Thanks
Eyal

You may want to look at the "noac" option on the clients as well as the
"acregmin", "acregmax", "acdirmin", "acdirmax" and "actimeo" values
(see "man 5 nfs"). Defaults and such have changed with different
kernels and perhaps there's some incompatibility.
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
--
-  Cuteness can be overcome through sufficient bastardry -
- --Mark 'Kamikaze' Hughes   -
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org



--
Eyal Lebedinsky (fed...@eyal.emu.id.au)
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[389-users] Re: Performance Degradation with Split Database

[Paul Whitney]

Hi Mark,



Thanks for responding to my query.  I am in a somewhat constrained environment 
where posting any kind of log is not practical or permitted.



However, after much digging in the various tuning guides out there, I think I 
found the issue.  By default, the directory server is configured for a maximum 
of 30 concurrent threads (nsslapd-threadnumber).  While the tuning guide 
recommends threads should be set to 2 X CPU, I set it to 200.  This made all 
the difference in performance.  Drastically. We are still working on 
fine-tuning to improve groupRoot type queries response-times.



Not sure to what type of deployment the tuning guide is written to, but I think 
in an enterprise environment the numbers are too low. Perhaps it is based on a 
small lab/office environment and not an org with just under a million entries 
with non-static groups or users.  It would be nice if there were a table that 
provided numbers (customer-based survey) comparable to an organizations 
size/number of concurrent hits/etc.


Nevertheless, thank you!  This forum has definitely proven helpful in the past 
and look forward to future postings.



Regards,

Paul M. Whitney
E-mail: paul.whit...@mac.com
Sent from my browser.




On May 31, 2017, at 02:38 PM, Mark Reynolds  wrote:





On 05/31/2017 02:36 PM, Paul Whitney wrote:

Still in migration mode from RHEL5/DS 8.2 to CentOS7/DS10 (389-ds-base 
1.3.5.10-20).



Our one instance is setup with two databases (userRoot and groupRoot).  We are 
seeing some really high etimes when performing mods/search on the second 
database (groupRoot).  Wondering if anyone else has experienced this issue and 
what was done to overcome them?

Can you provide some access log snippets showing some searches & mods from 
start to finish with the high etimes?

Also, what kind of "mods" are you doing?

Thanks,
Mark



Server is vmware VM with 4 CPU, 64GB RAM, plenty of disk space. CentOS 7 is 
"tuned" for virtual-guest.



Paul M. Whitney
E-mail: paul.whit...@mac.com
Sent from my browser.







___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org


___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

[389-users] Re: Need to re-register 389ds servers

[wudadin2003]

# setup-ds-admin.pl -ddd -u

==
The update option will allow you to re-register your servers with the
configuration directory server and update the information about your
servers that the console and admin server uses.  You will need your
configuration directory server admin ID and password to continue.

Continue? [yes]:

==
Please specify the information about your configuration directory
server.  The following information is required:
- host (fully qualified), port (non-secure or secure), suffix,
  protocol (ldap or ldaps) - this information should be provided in the
  form of an LDAP url e.g. for non-secure
ldap://host.example.com:389/o=NetscapeRoot
  or for secure
ldaps://host.example.com:636/o=NetscapeRoot
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and
  security has not yet been configured - the file must be in PEM/ASCII
  format - specify the absolute path and filename

Configuration directory server URL 
[ldap://master-server-02.my.domain.com:389/o=NetscapeRoot]:
Configuration directory server admin ID 
[uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
Configuration directory server admin password:
Configuration directory server admin domain [my.domain.com]:
+++Attempting connection to master-server-02.my.domain.com:389 certdir  
configdir /etc/dirsrv
Could not authenticate as user 
'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot' to server 
'ldap://master-server-02.my.domain.com:389/o=NetscapeRoot'.  Error: Operations 
error

Please try again, in case you mis-typed something.

Configuration directory server URL 
[ldap://master-server-02.my.domain.com:389/o=NetscapeRoot]:



So from this info and the earlier posted info, NetscapeRoot does not exist on 
this server.
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

Re: VPN l2tp+ipsec: not work with last kernel 4.11.3-200

[Kseniya Blashchuk]

Do you use dnsmasq? I had the same issue until I set dns=dnsmasq in
NetworkManager.conf. I don't remember exactly why it's needed, found
somewhere at GitHub.

On Fri, Jun 2, 2017, 1:42 PM Dario Lesca  wrote:

> Il giorno ven, 02/06/2017 alle 10.24 +0200, Dario Lesca ha scritto:
> > Yesterday I have update my fedora 25 and after reboot VPN l2tp+ipsec
> > do not work anymore.
> >
> > The connection happens without problem, the routing are set
> > correctly, the DNS (UDP protocol) and ping (ICMP protocol) to remote
> > host work.
> >
> > Only the access to some server, like ssh or smb:// (TCP protocol) do
> > not work, in this case, if I monitoring on remote server with
> > tcpdump, none arrives.
> >
> > If I reboot with previous kernel (4.10.17) all work fine.
> >
> > Some suggest?
> >
> > Many thanks
> >
>
> I have fill a bulzilla:
> https://bugzilla.redhat.com/show_bug.cgi?id=1458222
>
> --
> Dario Lesca
> (inviato dal mio Linux Fedora 25 Workstation)
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
>
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: nfs problem

[Rick Stevens]

On 06/02/2017 05:07 AM, Eyal Lebedinsky wrote:
> On 02/06/17 21:48, Roger Heflin wrote:
>> If the machine mounting the file and doing the tail has read from the
>> file and there is new data added in that last block and because of the
>> rate the data is coming into the file the timestamp on the file does
>> not change then the client nfs host will not know that the last block
>> has changed and will not know to reread it (it is already in cache).
>> If it is this bug/feature nfs has worked this way I think pretty much
>> forever at a larger scale (2 hosts each writing every other block, if
>> the timestamp does not change then each node will see the others
>> blocks as empty because of cache, at least until the timestamp changes
>> from what it knows it wrote).  The trick my previous job implemented
>> was to make sure the timestamp on the file moved ahead at least one
>> second so that the clients knew the file changed.  but if tail is
>> actively reading it while things are getting written into it I don't
>> see a way it would be able to work that well.
>>
>> What you are describing sounds like a variant of this issue.
> 
> Thanks Roger,
> 
> Interesting, though I wonder why it worked very well until the latest
> kernel
> series (3.10/3.11) which started showing the problem. Looks like a new
> "feature"
> to me.
> 
> BTW, the server is also the time server and the two are well
> synchronised. When
> a zero block shows up it can take a minute or two before the real data
> shows up.
> I use 'less' to view the file, hit refresh (Shift-G) and soon a line of
> zeroes
> comes along. I kept refreshing for a few minutes until the good data shows.
> 
> When I originally notices the problem (a monitoring script started
> showing garbage),
> the monitored file was updated once a minute and it needed to be updated
> two or
> three times before the real data was exported.
> 
> which I consider rather a long time for a file to present wrong content
> (over nfs).
> 
> Maybe there is an export (or mount) option I can use?
> 
> Also, I could not find a reference to this problem when I investigated
> the issue
> initially, and as such I assumed it is my setup. But the server (f19)
> had no
> updates or changes for a long while. It is clearly the new kernels
> exposing this,
> and I tested more that one client machine to verify that they also show
> the issue.

Newer kernels use NFSv4 by default. I can't remember what F19 uses
natively or if it has issues with NFSv4 clients (it may not really
implement NFSv4 properly or improperly negotiates protocol changes).
You might try forcing NFSv3 mounts and see if that clears the problem.

You may want to look at the "noac" option on the clients as well as the
"acregmin", "acregmax", "acdirmin", "acdirmax" and "actimeo" values
(see "man 5 nfs"). Defaults and such have changed with different
kernels and perhaps there's some incompatibility.
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
--
-  Cuteness can be overcome through sufficient bastardry -
- --Mark 'Kamikaze' Hughes   -
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Migrating an existing system with a different OS

[Patrick O'Callaghan]

On Fri, 2017-06-02 at 14:05 +0200, Walter H. wrote:
> On 31.05.2017 12:03, Patrick O'Callaghan wrote:
> > On Wed, 2017-05-31 at 10:01 +0200, Walter H. wrote:
> > > Hello,
> > > 
> > > I'm using Windows with several virtual machines (VMware);
> > > 
> > > is there a way to use these virtual machines with Fedora as host OS?
> > 
> > Yes. There is a free-to-use version of VMware Workstation for Fedora.
> > Check the VMware web page. You can also convert your VMware VMs to run
> > under KVM/QEMU ('man qemu-img'). Another alternative is VirtualBox.
> > 
> > poc
> 
> Hello,
> 
> does this mean,
> I can have VMware Workstation for Fedora without having to pay for it?

VMware have a free (as in beer) option for Workstation for personal
use.

> I guess the conversion of these VMware VMs won't work, as they are 
> Windows VMs ...

They are *virtual* machines. They can run on any host that supports the
specific VM environment (such as Linux) with any guest that's installed
on them (such as Windows). In fact this may well be the most common use
of VMs in Linux. As I said before, you can do this with VMware (of
which there are several packages, Workstation being the most common for
individual users), or QEMU/KVM, or VirtualBox. I've used all of them
under Fedora with both Windows 7 and Windows 10 VMs and even migrated
the same VM from one to another. Currently I'm using QEMU/KVM because
(depending on your motherboard and with a certain amount of fiddling)
it can pass through a second graphics card and let me run Windows games
at full speed.

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Migrating an existing system with a different OS

[Patrick O'Callaghan]

On Fri, 2017-06-02 at 10:04 -0400, Matthew Miller wrote:
> On Wed, May 31, 2017 at 10:01:58AM +0200, Walter H. wrote:
> > Hello,
> > I'm using Windows with several virtual machines (VMware);
> > is there a way to use these virtual machines with Fedora as host OS?
> 
> Yes. Qemu-kvm, the native virtualization system used in Fedora can
> run vmware disk images. Or, better, you can convert them to qcow2
> images, which is the best native format. Like this:
> 
> 
> kvm-img convert -O qcow2 mywindowsvm.vmdk mywindowsvm.qcow2

That should be qemu-img, not kvm-img. The QCOW2 format is good for
things like snapshots, but sometimes a raw image can be faster. it
depends on your application.

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[389-users] Re: changing supplier

[Mark Reynolds]

On 06/02/2017 05:52 AM, Fabrice Teissedre wrote:
>
> Hi,
>
> I'm new too 389DS.
>
> I want to use it for a LDAP / AD replication.
>
> My university has an openldap with all the accounts (around 3).
>
> How can I change the supplier in 389-Ds to put the openldap directory
> as the source ? I don't kow if it's possible..
>
Sorry, 389 Directory Server's replication protocol does not with
openldap's Directory Server.

 
>
>
> Thanks.
>
> Regards.
>
>
> -- 
> ***
> Fabrice TEISSEDRE
> FSI SYSTEME ET RESEAUX
> Tel : 05.61.55.62.17
> Mel : fabrice.teisse...@univ-tlse3.fr
> ***
>
>
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

[389-users] Re: Broken replicas and CleanRUV question

[Mark Reynolds]

On 06/02/2017 08:47 AM, Predrag Zečević - Technical Support Analyst wrote:
> On 05/31/17 20:44, Mark Reynolds wrote:
>>
>>
>> On 05/31/2017 06:00 AM, Predrag Zečević - Technical Support Analyst
>> wrote:
>>> Hi all,
>>>
>>> long time ago we have started with 389-DS and due to lack of
>>> experience I have installed and used admin server (which is abandoned
>>> later, because it is too complicated and requires someone at keyboard).
>>>
>>> As consequence of that, we have started to replicate netscapeRoot
>>> space... During time, we have upgraded s/w from initial
>>> 389-ds-1.2.1-1.el5 (started from FDS repository, moved to EPEL one
>>> later) to today's 389-ds-base-1.3.5.14-1.el6.x86_64 (this one is
>>> compiled from source and that was introduced before we have migrated
>>> boxes from RHEL5 to RHEL6 - actually CentOS OS).
>>>
>>> During various phases of upgrades, netscapeRoot replicas went out of
>>> sync (we did not spotted that, because of bug in monitoring script -
>>> that is another issue).
>>>
>>> Our setup includes MultiMaster ReadWrite replication (ldap1 <-->
>>> ldap2) and one ReadOnly (ldap3, consumes from both suppliers in MMR).
>>>
>>> Right now, this:
>>> $ for ldap in ldap1 ldap2; do
>>>ldapsearch -x -H ldaps://${ldap}.MyDomain.com -b "cn=mapping
>>> tree,cn=config" -D "cn=Directory Manager" -w ${DMPASS} -o ldif-wrap=no
>>> objectClass=nsDS5ReplicationAgreement |\
>>>awk -vLDAP=${ldap} '/^dn/ {printf("#= %s =#\n%s\n", LDAP,
>>> $0); next}; /^nsDS5ReplicaHost:/ {printf("%s\n", $0); next;};
>>> /^nsds5replicaLastUpdateStatus:/ {printf("%s\n", $0); next;}'
>>> done
>>>
>>> returns (I have excluded working MyDomain replicas output):
>>> $ #= ldap1 =#
>>> dn: cn=2eLDAPmmr,cn=replica,cn=o\3Dnetscaperoot,cn=mapping
>>> tree,cn=config
>>> nsDS5ReplicaHost: ldap2.MyDomain.com
>>> nsds5replicaLastUpdateStatus: Error (0) No replication sessions
>>> started since server startup
>>> #= ldap1 =#
>>> dn: cn=2eLDAPror,cn=replica,cn=o\3Dnetscaperoot,cn=mapping
>>> tree,cn=config
>>> nsDS5ReplicaHost: ldap3.MyDomain.com
>>> nsds5replicaLastUpdateStatus: Error (0) No replication sessions
>>> started since server startup
>>> #= ldap2 =#
>>> dn: cn=2eLDAPmmr,cn=replica,cn=o\3Dnetscaperoot,cn=mapping
>>> tree,cn=config
>>> nsDS5ReplicaHost: ldap1.MyDomain.com
>>> nsds5replicaLastUpdateStatus: Error (0) No replication sessions
>>> started since server startup
>>> #= ldap2 =#
>>> dn: cn=2eLDAPror,cn=replica,cn=o\3Dnetscaperoot,cn=mapping
>>> tree,cn=config
>>> nsDS5ReplicaHost: ldap3.MyDomain.com
>>> nsds5replicaLastUpdateStatus: Error (0) No replication sessions
>>> started since server startup
>>>
>>> I have tried various tricks to recover that replication, but w/o
>>> luck...
>>>
>>> When I check (for example ldap1) with this:
>>> $ ldapsearch -xLLLo ldif-wrap=no -H ldaps://ldap1.MyDomain.com -D
>>> 'cn=directory manager' -w ${DMPASS} -b o=netscapeRoot
>>> '(&(nsuniqueid=---)(objectclass=nstombstone))'
>>>
>>>
>>> I get as result:
>>> dn: cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
>>> objectClass: nsDS5Replica
>>> objectClass: top
>>> nsDS5ReplicaRoot: o=netscaperoot
>>> nsDS5ReplicaType: 3
>>> nsDS5Flags: 1
>>> nsDS5ReplicaId: 11
>>> nsds5ReplicaPurgeDelay: 604800
>>> nsDS5ReplicaBindDN: cn=replication manager,cn=config
>>> nsDS5ReplicaReferral: ldap://ldap2.MyDomain.com:636/o%3dnetscaperoot
>>> cn: replica
>>> nsState:: CwCRKiRZAQ==
>>> nsDS5ReplicaName: dc964102-1dd111b2-8970c75e-6388
>>> nsds50ruv: {replicageneration} 4dcb9f79000b
>>> nsds50ruv: {replica 11 ldap://ldap1.MyDomain.com:0}
>>> nsds50ruv: {replica 21 ldap://ldap2.MyDomain.com:0}
>>> 4dda4a3a0015 4fd5f74200030015
>>> nsds5agmtmaxcsn:
>>> o=netscaperoot;2eLDAPror;ldap3.MyDomain.com;636;unavailable
>>> nsruvReplicaLastModified: {replica 11 ldap://ldap1.MyDomain.com:0}
>>> 
>>> nsruvReplicaLastModified: {replica 21 ldap://ldap2.MyDomain.com:0}
>>> 
>>> nsds5ReplicaChangeCount: 1
>>> nsds5replicareapactive: 0
>>>
>>> Tried to CleanRUV (ldif applied with ldapmodify command to all
>>> suppliers and consumers):
>>>
>>> $ cat /tmp/ldap.cleanRUV-tasks-for-netscapeRoot-replica.11.ldif
>>> dn: cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
>>> changetype: modify
>>> replace: nsds5task
>>> nsds5task: CLEANRUV11
>>>
>>> At some moment, ldap1 replied:
>>> "ldap_modify: Server is unwilling to perform (53)"
>>>
>>> which explains nothing, because that error means:
>>>
>>> "Indicates that the LDAP server cannot process the request because of
>>> server-defined restrictions. This error is returned for the following
>>> reasons: The add entry request violates the server's structure
>>> rules...OR...The modify attribute request specifies attributes that
>>> users cannot modify...OR...Password restrictions prevent the
>>> action...OR...Connection restrictions prevent the action. 

Re: Migrating an existing system with a different OS

[Tom Horsley]

On Fri, 2 Jun 2017 10:05:04 -0400
Matthew Miller wrote:

> Qemu-kvm supports USB passthrough.

Yep. I use this fairly frequently. In virt-viewer the File
menu has a usb device selection entry which brings up
a dialog with usb devices and checkboxes. Checking a
box is like plugging that USB device into the virtual
machine, unchecking it is like unplugging it.

You can also edit the VM definition to permanently hook
up a USB device so it will always be connected to that
VM.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Migrating an existing system with a different OS

[fred roller]

VMware should have an export function so you can move the images.  It is
independent of OS.  Build a fedora machine (or dual boot) with VMware and
check for function.  The last is for your learning curve with
Fedora/VMware.  Honestly, I used to just copy the files but mine was Linux
to Linux on various distros.  Like wise I used to build client VM and take
them to their system on my thumbdrive.  Moving should be fairly straight
forward.  I use Vbox now so don't have VMware up to see the menu option,
sorry, but the option to export should still be there.

-- Fred

On Fri, Jun 2, 2017 at 9:27 AM, InvalidPath  wrote:

>
>
>
> On Jun 2, 2017 6:06 AM, "Walter H."  wrote:
>
> On 31.05.2017 12:03, Patrick O'Callaghan wrote:
>
>> On Wed, 2017-05-31 at 10:01 +0200, Walter H. wrote:
>>
>>> Hello,
>>>
>>> I'm using Windows with several virtual machines (VMware);
>>>
>>> is there a way to use these virtual machines with Fedora as host OS?
>>>
>> Yes. There is a free-to-use version of VMware Workstation for Fedora.
>> Check the VMware web page. You can also convert your VMware VMs to run
>> under KVM/QEMU ('man qemu-img'). Another alternative is VirtualBox.
>>
>> poc
>>
> Hello,
>
> does this mean,
> I can have VMware Workstation for Fedora without having to pay for it?
>
> I guess the conversion of these VMware VMs won't work, as they are Windows
> VMs ...
>
> Greetings,
> Walter
>
>
>
>
>
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
>
> Walter, I currently use Fedora as my main OS but I do need a little
> Windows from time to time. KVM/QEMU run Win10 almost better than dedicated
> hardware did!
>
> Virtualbox also runs on Linux and does a bang up job at hosting Windows,
> is there something holding you to VMware or is it a comfortability thing?
>
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
>
>
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Migrating an existing system with a different OS

[InvalidPath]

On Jun 2, 2017 8:01 AM, "Walter H."  wrote:

On 02.06.2017 15:27, InvalidPath wrote:




On Jun 2, 2017 6:06 AM, "Walter H."  wrote:

On 31.05.2017 12:03, Patrick O'Callaghan wrote:

On Wed, 2017-05-31 at 10:01 +0200, Walter H. wrote:

Hello,

I'm using Windows with several virtual machines (VMware);

is there a way to use these virtual machines with Fedora as host OS?

Yes. There is a free-to-use version of VMware Workstation for Fedora.
Check the VMware web page. You can also convert your VMware VMs to run
under KVM/QEMU ('man qemu-img'). Another alternative is VirtualBox.

poc

Hello,

does this mean,
I can have VMware Workstation for Fedora without having to pay for it?

I guess the conversion of these VMware VMs won't work, as they are Windows
VMs ...

Greetings,
Walter





___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Walter, I currently use Fedora as my main OS but I do need a little Windows
from time to time. KVM/QEMU run Win10 almost better than dedicated hardware
did!

Virtualbox also runs on Linux and does a bang up job at hosting Windows, is
there something holding you to VMware or is it a comfortability thing?

I have two VMs which use a device I plug onto a real USB port of the host
...
(one is a scanner, and one is sometimes my cellphone - address book)

some VMs are older Windows (WinNT, Win2K) and most are WinXP(x64)

I'm not sure of a VM solution other than VMware which supports this ...

Greetings,
Walter




___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

You can pass-through USB devices on all of them with varying degrees of
success. I run a virtualuzed Ubuntu at home that acts as a print server
using a usb printer over virtualbox. Ive pass-through'd thumbdrives over
both virtualbox and kvm before.
So it is possible with other hypervisors.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Migrating an existing system with a different OS

[Matthew Miller]

On Fri, Jun 02, 2017 at 04:00:44PM +0200, Walter H. wrote:
> I have two VMs which use a device I plug onto a real USB port of the
> host ...
> (one is a scanner, and one is sometimes my cellphone - address book)
> 
> some VMs are older Windows (WinNT, Win2K) and most are WinXP(x64)
> 
> I'm not sure of a VM solution other than VMware which supports this ...

Qemu-kvm supports USB passthrough.


-- 
Matthew Miller

Fedora Project Leader
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Migrating an existing system with a different OS

[Matthew Miller]

On Wed, May 31, 2017 at 10:01:58AM +0200, Walter H. wrote:
> Hello,
> I'm using Windows with several virtual machines (VMware);
> is there a way to use these virtual machines with Fedora as host OS?

Yes. Qemu-kvm, the native virtualization system used in Fedora can
run vmware disk images. Or, better, you can convert them to qcow2
images, which is the best native format. Like this:


kvm-img convert -O qcow2 mywindowsvm.vmdk mywindowsvm.qcow2


-- 
Matthew Miller

Fedora Project Leader
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Migrating an existing system with a different OS

[Walter H.]

On 02.06.2017 15:27, InvalidPath wrote:




On Jun 2, 2017 6:06 AM, "Walter H." > wrote:


On 31.05.2017 12 :03, Patrick O'Callaghan wrote:

On Wed, 2017-05-31 at 10:01 +0200, Walter H. wrote:

Hello,

I'm using Windows with several virtual machines (VMware);

is there a way to use these virtual machines with Fedora
as host OS?

Yes. There is a free-to-use version of VMware Workstation for
Fedora.
Check the VMware web page. You can also convert your VMware
VMs to run
under KVM/QEMU ('man qemu-img'). Another alternative is
VirtualBox.

poc

Hello,

does this mean,
I can have VMware Workstation for Fedora without having to pay for it?

I guess the conversion of these VMware VMs won't work, as they are
Windows VMs ...

Greetings,
Walter





___
users mailing list -- users@lists.fedoraproject.org

To unsubscribe send an email to
users-le...@lists.fedoraproject.org


Walter, I currently use Fedora as my main OS but I do need a little 
Windows from time to time. KVM/QEMU run Win10 almost better than 
dedicated hardware did!


Virtualbox also runs on Linux and does a bang up job at hosting 
Windows, is there something holding you to VMware or is it a 
comfortability thing?


I have two VMs which use a device I plug onto a real USB port of the 
host ...

(one is a scanner, and one is sometimes my cellphone - address book)

some VMs are older Windows (WinNT, Win2K) and most are WinXP(x64)

I'm not sure of a VM solution other than VMware which supports this ...

Greetings,
Walter





smime.p7s
Description: S/MIME Cryptographic Signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Migrating an existing system with a different OS

[InvalidPath]

On Jun 2, 2017 6:06 AM, "Walter H."  wrote:

On 31.05.2017 12:03, Patrick O'Callaghan wrote:

> On Wed, 2017-05-31 at 10:01 +0200, Walter H. wrote:
>
>> Hello,
>>
>> I'm using Windows with several virtual machines (VMware);
>>
>> is there a way to use these virtual machines with Fedora as host OS?
>>
> Yes. There is a free-to-use version of VMware Workstation for Fedora.
> Check the VMware web page. You can also convert your VMware VMs to run
> under KVM/QEMU ('man qemu-img'). Another alternative is VirtualBox.
>
> poc
>
Hello,

does this mean,
I can have VMware Workstation for Fedora without having to pay for it?

I guess the conversion of these VMware VMs won't work, as they are Windows
VMs ...

Greetings,
Walter





___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Walter, I currently use Fedora as my main OS but I do need a little Windows
from time to time. KVM/QEMU run Win10 almost better than dedicated hardware
did!

Virtualbox also runs on Linux and does a bang up job at hosting Windows, is
there something holding you to VMware or is it a comfortability thing?
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[389-users] Re: Broken replicas and CleanRUV question

[Predrag Zečević - Technical Support Analyst]

On 05/31/17 20:44, Mark Reynolds wrote:



On 05/31/2017 06:00 AM, Predrag Zečević - Technical Support Analyst wrote:

Hi all,

long time ago we have started with 389-DS and due to lack of
experience I have installed and used admin server (which is abandoned
later, because it is too complicated and requires someone at keyboard).

As consequence of that, we have started to replicate netscapeRoot
space... During time, we have upgraded s/w from initial
389-ds-1.2.1-1.el5 (started from FDS repository, moved to EPEL one
later) to today's 389-ds-base-1.3.5.14-1.el6.x86_64 (this one is
compiled from source and that was introduced before we have migrated
boxes from RHEL5 to RHEL6 - actually CentOS OS).

During various phases of upgrades, netscapeRoot replicas went out of
sync (we did not spotted that, because of bug in monitoring script -
that is another issue).

Our setup includes MultiMaster ReadWrite replication (ldap1 <-->
ldap2) and one ReadOnly (ldap3, consumes from both suppliers in MMR).

Right now, this:
$ for ldap in ldap1 ldap2; do
   ldapsearch -x -H ldaps://${ldap}.MyDomain.com -b "cn=mapping
tree,cn=config" -D "cn=Directory Manager" -w ${DMPASS} -o ldif-wrap=no
objectClass=nsDS5ReplicationAgreement |\
   awk -vLDAP=${ldap} '/^dn/ {printf("#= %s =#\n%s\n", LDAP,
$0); next}; /^nsDS5ReplicaHost:/ {printf("%s\n", $0); next;};
/^nsds5replicaLastUpdateStatus:/ {printf("%s\n", $0); next;}'
done

returns (I have excluded working MyDomain replicas output):
$ #= ldap1 =#
dn: cn=2eLDAPmmr,cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
nsDS5ReplicaHost: ldap2.MyDomain.com
nsds5replicaLastUpdateStatus: Error (0) No replication sessions
started since server startup
#= ldap1 =#
dn: cn=2eLDAPror,cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
nsDS5ReplicaHost: ldap3.MyDomain.com
nsds5replicaLastUpdateStatus: Error (0) No replication sessions
started since server startup
#= ldap2 =#
dn: cn=2eLDAPmmr,cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
nsDS5ReplicaHost: ldap1.MyDomain.com
nsds5replicaLastUpdateStatus: Error (0) No replication sessions
started since server startup
#= ldap2 =#
dn: cn=2eLDAPror,cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
nsDS5ReplicaHost: ldap3.MyDomain.com
nsds5replicaLastUpdateStatus: Error (0) No replication sessions
started since server startup

I have tried various tricks to recover that replication, but w/o luck...

When I check (for example ldap1) with this:
$ ldapsearch -xLLLo ldif-wrap=no -H ldaps://ldap1.MyDomain.com -D
'cn=directory manager' -w ${DMPASS} -b o=netscapeRoot
'(&(nsuniqueid=---)(objectclass=nstombstone))'

I get as result:
dn: cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
objectClass: nsDS5Replica
objectClass: top
nsDS5ReplicaRoot: o=netscaperoot
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsDS5ReplicaId: 11
nsds5ReplicaPurgeDelay: 604800
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaReferral: ldap://ldap2.MyDomain.com:636/o%3dnetscaperoot
cn: replica
nsState:: CwCRKiRZAQ==
nsDS5ReplicaName: dc964102-1dd111b2-8970c75e-6388
nsds50ruv: {replicageneration} 4dcb9f79000b
nsds50ruv: {replica 11 ldap://ldap1.MyDomain.com:0}
nsds50ruv: {replica 21 ldap://ldap2.MyDomain.com:0}
4dda4a3a0015 4fd5f74200030015
nsds5agmtmaxcsn:
o=netscaperoot;2eLDAPror;ldap3.MyDomain.com;636;unavailable
nsruvReplicaLastModified: {replica 11 ldap://ldap1.MyDomain.com:0}

nsruvReplicaLastModified: {replica 21 ldap://ldap2.MyDomain.com:0}

nsds5ReplicaChangeCount: 1
nsds5replicareapactive: 0

Tried to CleanRUV (ldif applied with ldapmodify command to all
suppliers and consumers):

$ cat /tmp/ldap.cleanRUV-tasks-for-netscapeRoot-replica.11.ldif
dn: cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
changetype: modify
replace: nsds5task
nsds5task: CLEANRUV11

At some moment, ldap1 replied:
"ldap_modify: Server is unwilling to perform (53)"

which explains nothing, because that error means:

"Indicates that the LDAP server cannot process the request because of
server-defined restrictions. This error is returned for the following
reasons: The add entry request violates the server's structure
rules...OR...The modify attribute request specifies attributes that
users cannot modify...OR...Password restrictions prevent the
action...OR...Connection restrictions prevent the action. "

Right now, CleanRUV task is stuck...

You should be using the cleanAllRUV task:

https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/configuration_command_and_file_reference/perl_scripts#cleanallruv.pl


Hi Mark,

I have tried perl script from above:

LDAP1# /usr/sbin/cleanallruv.pl -v -Z ldap1 -D "cn=directory manager" -w 
${DMPASS} -b "dn:\ 
cn=2eLDAPmmr,cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config" 
-r 11 -P LDAPS

ldap_initialize( ldaps://ldap1.MyDomain.com:636/??base )

Re: nfs problem

[Eyal Lebedinsky]

On 02/06/17 21:48, Roger Heflin wrote:

If the machine mounting the file and doing the tail has read from the
file and there is new data added in that last block and because of the
rate the data is coming into the file the timestamp on the file does
not change then the client nfs host will not know that the last block
has changed and will not know to reread it (it is already in cache).
If it is this bug/feature nfs has worked this way I think pretty much
forever at a larger scale (2 hosts each writing every other block, if
the timestamp does not change then each node will see the others
blocks as empty because of cache, at least until the timestamp changes
from what it knows it wrote).  The trick my previous job implemented
was to make sure the timestamp on the file moved ahead at least one
second so that the clients knew the file changed.  but if tail is
actively reading it while things are getting written into it I don't
see a way it would be able to work that well.

What you are describing sounds like a variant of this issue.


Thanks Roger,

Interesting, though I wonder why it worked very well until the latest kernel
series (3.10/3.11) which started showing the problem. Looks like a new "feature"
to me.

BTW, the server is also the time server and the two are well synchronised. When
a zero block shows up it can take a minute or two before the real data shows up.
I use 'less' to view the file, hit refresh (Shift-G) and soon a line of zeroes
comes along. I kept refreshing for a few minutes until the good data shows.

When I originally notices the problem (a monitoring script started showing 
garbage),
the monitored file was updated once a minute and it needed to be updated two or
three times before the real data was exported.

which I consider rather a long time for a file to present wrong content (over 
nfs).

Maybe there is an export (or mount) option I can use?

Also, I could not find a reference to this problem when I investigated the issue
initially, and as such I assumed it is my setup. But the server (f19) had no
updates or changes for a long while. It is clearly the new kernels exposing 
this,
and I tested more that one client machine to verify that they also show the 
issue.

Eyal


On Fri, Jun 2, 2017 at 5:36 AM, Eyal Lebedinsky  wrote:

On 16/04/17 17:13, Eyal Lebedinsky wrote:


I asked on AskFedora and got no response. Hoping this list is more active.

https://ask.fedoraproject.org/en/question/104010/nfs-showing-bad-data-f24/



I last (17/04) reported the problem on redhat bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1442797
I got no reaction since. I updated the report with a test script and also
verified I have the same
problem using the latest f25 (4.11.3-100.fc25). See the details there.

Is the bugzilla active at all?

Does anyone have a server running an old kernel (3.8, 3.9) that they can
test against?
I would like to confirm that this is not just my own setup having the issue.

TIA

--
Eyal Lebedinsky (e...@eyal.emu.id.au)

--
Eyal Lebedinsky (fed...@eyal.emu.id.au)


--
Eyal Lebedinsky (fed...@eyal.emu.id.au)
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Migrating an existing system with a different OS

[Walter H.]

On 31.05.2017 12:03, Patrick O'Callaghan wrote:

On Wed, 2017-05-31 at 10:01 +0200, Walter H. wrote:

Hello,

I'm using Windows with several virtual machines (VMware);

is there a way to use these virtual machines with Fedora as host OS?

Yes. There is a free-to-use version of VMware Workstation for Fedora.
Check the VMware web page. You can also convert your VMware VMs to run
under KVM/QEMU ('man qemu-img'). Another alternative is VirtualBox.

poc

Hello,

does this mean,
I can have VMware Workstation for Fedora without having to pay for it?

I guess the conversion of these VMware VMs won't work, as they are 
Windows VMs ...


Greetings,
Walter






smime.p7s
Description: S/MIME Cryptographic Signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: nfs problem

[Roger Heflin]

If the machine mounting the file and doing the tail has read from the
file and there is new data added in that last block and because of the
rate the data is coming into the file the timestamp on the file does
not change then the client nfs host will not know that the last block
has changed and will not know to reread it (it is already in cache).
If it is this bug/feature nfs has worked this way I think pretty much
forever at a larger scale (2 hosts each writing every other block, if
the timestamp does not change then each node will see the others
blocks as empty because of cache, at least until the timestamp changes
from what it knows it wrote).  The trick my previous job implemented
was to make sure the timestamp on the file moved ahead at least one
second so that the clients knew the file changed.  but if tail is
actively reading it while things are getting written into it I don't
see a way it would be able to work that well.

What you are describing sounds like a variant of this issue.

On Fri, Jun 2, 2017 at 5:36 AM, Eyal Lebedinsky  wrote:
> On 16/04/17 17:13, Eyal Lebedinsky wrote:
>>
>> I asked on AskFedora and got no response. Hoping this list is more active.
>>
>> https://ask.fedoraproject.org/en/question/104010/nfs-showing-bad-data-f24/
>
>
> I last (17/04) reported the problem on redhat bugzilla
> https://bugzilla.redhat.com/show_bug.cgi?id=1442797
> I got no reaction since. I updated the report with a test script and also
> verified I have the same
> problem using the latest f25 (4.11.3-100.fc25). See the details there.
>
> Is the bugzilla active at all?
>
> Does anyone have a server running an old kernel (3.8, 3.9) that they can
> test against?
> I would like to confirm that this is not just my own setup having the issue.
>
> TIA
>
> --
> Eyal Lebedinsky (e...@eyal.emu.id.au)
>
> --
> Eyal Lebedinsky (fed...@eyal.emu.id.au)
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: VPN l2tp+ipsec: not work with last kernel 4.11.3-200

[Dario Lesca]

Il giorno ven, 02/06/2017 alle 10.24 +0200, Dario Lesca ha scritto:
> Yesterday I have update my fedora 25 and after reboot VPN l2tp+ipsec
> do not work anymore.
> 
> The connection happens without problem, the routing are set
> correctly, the DNS (UDP protocol) and ping (ICMP protocol) to remote
> host work.
> 
> Only the access to some server, like ssh or smb:// (TCP protocol) do
> not work, in this case, if I monitoring on remote server with
> tcpdump, none arrives.
> 
> If I reboot with previous kernel (4.10.17) all work fine.
> 
> Some suggest?
>  
> Many thanks
> 

I have fill a bulzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1458222

-- 
Dario Lesca
(inviato dal mio Linux Fedora 25 Workstation)
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: nfs problem

[Eyal Lebedinsky]

On 16/04/17 17:13, Eyal Lebedinsky wrote:

I asked on AskFedora and got no response. Hoping this list is more active.
https://ask.fedoraproject.org/en/question/104010/nfs-showing-bad-data-f24/


I last (17/04) reported the problem on redhat bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1442797
I got no reaction since. I updated the report with a test script and also 
verified I have the same
problem using the latest f25 (4.11.3-100.fc25). See the details there.

Is the bugzilla active at all?

Does anyone have a server running an old kernel (3.8, 3.9) that they can test 
against?
I would like to confirm that this is not just my own setup having the issue.

TIA

--
Eyal Lebedinsky (e...@eyal.emu.id.au)

--
Eyal Lebedinsky (fed...@eyal.emu.id.au)
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: repomd.xml cannot verified at repo openh264/F26

[Ed Greshko]

On 06/02/17 15:23, Robert Lu wrote:
> Hi,
>
> At Beginning, I imported the gpg key. And I don't modify gpg keys.
>
> The log is:
>
> $ rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} -->
> %{summary}\n' | grep -i 64DAB85D
> gpg-pubkey-64dab85d-57d33e22 --> gpg(Fedora 26 Primary (26)
>  >)
> $ sudo dnf upgrade -v
> Loaded plugins: builddep, config-manager, copr, debug,
> debuginfo-install, download, generate_completion_cache,
> needs-restarting, playground, repoclosure, repograph, repomanage,
> reposync, system-upgrade
> DNF version: 2.5.0
> cachedir: /var/cache/dnf
> repo: using cache for: robberphex-kitematic
> not found deltainfo for: Copr repo for kitematic owned by robberphex
> not found updateinfo for: Copr repo for kitematic owned by robberphex
> robberphex-kitematic: using metadata from Wed May 31 03:48:48 2017 CST.
> repo: using cache for: adobe-linux-x86_64
> not found deltainfo for: Adobe Systems Incorporated
> not found updateinfo for: Adobe Systems Incorporated
> adobe-linux-x86_64: using metadata from Thu Apr 27 15:15:24 2017 CST.
> Cannot download
> 'https://codecs.fedoraproject.org/openh264/26/x86_64/': repomd.xml GPG
> signature verification error: Bad GPG signature.
> Error: Failed to synchronize cache for repo 'fedora-cisco-openh264'


Make sure you've updated your system.  And, check your /etc/yum.repos.d
directory for a fedora-cisco-openh264.repo.rpmnew file.  If it exists
copy it to fedora-cisco-openh264.repo then do a "dnf clean metadata" and
try again.


-- 
Fedora Users List - The place to go to speculate endlessly
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

VPN l2tp+ipsec: not work with last kernel 4.11.3-200

[Dario Lesca]

Yesterday I have update my fedora 25 and after reboot VPN l2tp+ipsec do
not work anymore.

The connection happens without problem, the routing are set correctly,
the DNS (UDP protocol) and ping (ICMP protocol) to remote host work.

Only the access to some server, like ssh or smb:// (TCP protocol) do
not work, in this case, if I monitoring on remote server with tcpdump,
none arrives.

If I reboot with previous kernel (4.10.17) all work fine.

Some suggest?
 
Many thanks

-- 
Dario Lesca
(inviato dal mio Linux Fedora 25 Workstation)
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: repomd.xml cannot verified at repo openh264/F26

[Robert Lu]

Hi,

At Beginning, I imported the gpg key. And I don't modify gpg keys.

The log is:

$ rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' |
grep -i 64DAB85D
gpg-pubkey-64dab85d-57d33e22 --> gpg(Fedora 26 Primary (26) <
fedora-26-prim...@fedoraproject.org>)
$ sudo dnf upgrade -v
Loaded plugins: builddep, config-manager, copr, debug, debuginfo-install,
download, generate_completion_cache, needs-restarting, playground,
repoclosure, repograph, repomanage, reposync, system-upgrade
DNF version: 2.5.0
cachedir: /var/cache/dnf
repo: using cache for: robberphex-kitematic
not found deltainfo for: Copr repo for kitematic owned by robberphex
not found updateinfo for: Copr repo for kitematic owned by robberphex
robberphex-kitematic: using metadata from Wed May 31 03:48:48 2017 CST.
repo: using cache for: adobe-linux-x86_64
not found deltainfo for: Adobe Systems Incorporated
not found updateinfo for: Adobe Systems Incorporated
adobe-linux-x86_64: using metadata from Thu Apr 27 15:15:24 2017 CST.
Cannot download 'https://codecs.fedoraproject.org/openh264/26/x86_64/':
repomd.xml GPG signature verification error: Bad GPG signature.
Error: Failed to synchronize cache for repo 'fedora-cisco-openh264'


On Fri, Jun 2, 2017 at 1:36 PM, Ed Greshko  wrote:

> On 06/02/17 12:10, Robert Lu wrote:
> > I meet this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1445817
> > 
> >
> > When I run dnf upgrade, it faild:
> >
> > Cannot download 'https://codecs.fedoraproject.org/openh264/26/x86_64/
> > ': repomd.xml
> > GPG signature verification error: Bad GPG signature.
> > Error: Failed to synchronize cache for repo 'fedora-cisco-openh264'
> >
> > So, I tried to verify repomd.xml manually, the result is:
> >
> > $gpg --list-keys
> > $gpg --import  /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-26-x86_64
> > gpg: key 64DAB85D: public key "Fedora 26 Primary (26)
> >  > >" imported
> > gpg: Total number processed: 1
> > gpg:   imported: 1  (RSA: 1)
> > $gpg --list-keys
> > /home/rlu/.gnupg/pubring.gpg
> > 
> > pub   4096R/64DAB85D 2016-09-09
> > uid  Fedora 26 Primary (26)
> >  > >
> >
> > $gpg --verify repomd.xml.asc repomd.xml
> > gpg: Signature made Sat 25 Mar 2017 02:41:50 AM CST using RSA key ID
> > 64DAB85D
> > gpg: Good signature from "Fedora 26 Primary (26)
> >  > >"
> > gpg: WARNING: This key is not certified with a trusted signature!
> > gpg:  There is no indication that the signature belongs to the
> > owner.
> > Primary key fingerprint: E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA
> > B85D
> >
> > I think this is a success result.
> > But why dnf is failed?
>
>
> Could it be because you're importing the key into your personal keyring?
>
> What does
>
> rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
> | grep -i 64DAB85D
>
> return?
>
> FYI
>
> [root@localhost ~]# rpm -q gpg-pubkey --qf
> '%{name}-%{version}-%{release} --> %{summary}\n' | grep -i 64DAB85D
> gpg-pubkey-64dab85d-57d33e22 --> gpg(Fedora 26 Primary (26)
> )
>
> [root@localhost ~]# dnf config-manager --set-enabled fedora-cisco-openh264
> [root@localhost ~]# dnf install gstreamer1-plugin-openh264
> mozilla-openh264
> Fedora 26 openh264 (From Cisco) - x86_64   4.5 kB/s | 2.8 kB
> 00:00
> Fedora 26 - x86_64 - Test Updates  2.0 MB/s |  22 MB
> 00:11
> Fedora 26 - x86_64 - Updates   2.3 kB/s | 257  B
> 00:00
> Last metadata expiration check: 0:00:00 ago on Fri Jun 02 13:31:51 2017
> CST.
> Dependencies resolved.
> 
> ===
>  Package ArchVersion
> Repository  Size
> 
> ===
> Installing:
>  gstreamer1-plugin-openh264  x86_64  1.10.4-1.fc26
> fedora-cisco-openh264   19 k
>  mozilla-openh264x86_64  1.6.0-5.fc26
> fedora-cisco-openh264  364 k
> Installing dependencies:
>  openh264x86_64  1.6.0-5.fc26
> fedora-cisco-openh264  359 k
>
> Transaction Summary
> 
> ===
> Install  3 Packages
>
> Total download size: 743 k
> Installed size: 2.0 M
> Is this ok [y/N]: y
> Downloading Packages:
> (1/3): gstreamer1-plugin-openh264-1.10.4-1.fc26.x8  12 kB/s |  19 kB
> 00:01
> (2/3): openh264-1.6.0-5.fc26.x86_64.rpm172 kB/s | 359 kB
> 00:02
> (3/3): mozilla-openh264-1.6.0-5.fc26.x86_64.rpm170 kB/s | 364 kB
> 00:02
>